
Share secrets with AI agents

Pasting an API key into a chat window leaves the secret in logs, chat history, and the model's context. FastPaste lets you share a 6-digit code with the agent instead: the actual secret stays on the server until a single pull, then it is gone.

Pattern

  1. Push the secret with the web handoff tool, CLI, or MCP (not in chat).
  2. Tell the agent only the code and instructions, e.g. "Pull FastPaste code 482193".
  3. The agent runs retrieve_secret or node cli/fastpaste.mjs pull once.
  4. The clip is burned; the secret never appeared in the conversation.

5-minute Cursor setup

MCP needs an API key (paid plan). The Agent Handoff web tool is free and does not require a key — use it if you only need occasional handoffs.

  1. Get an API key from Pricing (API Starter or Pro).
  2. Clone the repo (or use your existing checkout):
    git clone https://github.com/tiderbrandt/fastpaste.git
    cd fastpaste
  3. Add FastPaste to Cursor MCP settings. Open Cursor → Settings → MCP → Edit config, or edit ~/.cursor/mcp.json directly. Copy from examples/cursor-mcp.json in the repo (use the absolute path to mcp/server.mjs on your machine):
    {
      "mcpServers": {
        "fastpaste": {
          "command": "node",
          "args": ["/absolute/path/to/fastpaste/mcp/server.mjs"],
          "env": {
            "FASTPASTE_API_KEY": "your_api_key",
            "FASTPASTE_API_URL": "https://fastpaste.dev"
          }
        }
      }
    }
  4. Restart Cursor (or reload MCP servers) so the tools appear.
  5. Verify: in Agent chat, ask "Use FastPaste share_secret to push the text test-once and give me the code." You should see a 6-digit code in the response. Pull it with retrieve_secret to confirm the round trip.
  6. Optional: from the repo root, run npm run mcp in a terminal to test the server outside Cursor (stdio — it will wait for MCP messages).

Self-hosted installs: set FASTPASTE_API_URL to your instance (e.g. https://paste.example.com).
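
One way to check the config from step 3 before restarting Cursor. This is an added example, not part of the FastPaste repo: the function names, the finding messages and the file-permission policy are assumptions, while the key names come from the config shown above.

```javascript
// Added example: audit the FastPaste entry of a Cursor MCP config (step 3).
// `mode` is the config file's stat mode on POSIX, e.g. fs.statSync(file).mode.
const PLACEHOLDERS = new Set(["", "your_api_key", "your_key"]);

function auditFastpasteMcp(config, mode) {
  const entry = config?.mcpServers?.fastpaste;
  if (!entry) return ["no mcpServers.fastpaste entry"];
  const findings = [];

  // The guide asks for the absolute path to mcp/server.mjs on this machine.
  const script = String((entry.args || [])[0] || "");
  if (!(script.startsWith("/") || /^[A-Za-z]:[\\/]/.test(script)))
    findings.push("args[0] is not an absolute path");
  if (script.startsWith("/absolute/path/to/"))
    findings.push("args[0] is still the template path");

  const env = entry.env || {};
  if (PLACEHOLDERS.has(env.FASTPASTE_API_KEY ?? ""))
    findings.push("FASTPASTE_API_KEY is missing or a placeholder");

  // Requests carrying the API key go to this URL: when set, require TLS and no userinfo.
  if (env.FASTPASTE_API_URL !== undefined) {
    let url = null;
    try { url = new URL(env.FASTPASTE_API_URL); } catch { /* reported below */ }
    if (!url) findings.push("FASTPASTE_API_URL is not a valid URL");
    else if (url.protocol !== "https:") findings.push("FASTPASTE_API_URL is not https");
    else if (url.username || url.password) findings.push("FASTPASTE_API_URL embeds credentials");
  }

  // mcp.json holds the key in plaintext: group and other should have no access.
  if (typeof mode === "number" && (mode & 0o077) !== 0)
    findings.push("config file is accessible to group/other");
  return findings;
}

// Reads a real file; dynamic import works from both CommonJS and ES modules.
async function auditFile(file) {
  const fs = await import("node:fs");
  return auditFastpasteMcp(JSON.parse(fs.readFileSync(file, "utf8")), fs.statSync(file).mode);
}

// Constructed sample: the guide's template left unedited, file mode 0644.
const TEMPLATE = { mcpServers: { fastpaste: { command: "node",
  args: ["/absolute/path/to/fastpaste/mcp/server.mjs"],
  env: { FASTPASTE_API_KEY: "your_api_key", FASTPASTE_API_URL: "https://fastpaste.dev" } } } };
console.log(auditFastpasteMcp(TEMPLATE, 0o100644));
```

To audit a real file, call auditFile with the path to ~/.cursor/mcp.json and print the returned list; an empty list means none of these checks fired.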

Web handoff (no API key)

Open Agent Handoff, fill in the secret and prompt template, then click Copy message for agent. Paste that into Cursor — the agent uses retrieve_secret to pull structured JSON (secret, prompt, constraints). You never paste the raw secret into chat.

CLI (terminal)

Requires an API key from a paid plan. The CLI is not on npm — run node cli/fastpaste.mjs from a clone. Set FASTPASTE_API_KEY in your environment.

# Push — prints a 6-digit code to stdout
export FASTPASTE_API_KEY=your_key
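# Arguments typed at an interactive prompt are saved in shell history and show up in the process list while the command runs
CODE=$(node cli/fastpaste.mjs push "sk-live-...")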
echo "Give the agent code: $CODE"

# Pull — agent or script consumes once
node cli/fastpaste.mjs pull 482193

# Optional server-side passphrase lock
node cli/fastpaste.mjs push "secret" --passphrase "shared-with-agent"
node cli/fastpaste.mjs pull 482193 --passphrase "shared-with-agent"

MCP tools

FastPaste ships a thin MCP server with three tools:

  • share_secret — push text once; returns a 6-digit code
  • share_agent_handoff — push secret + prompt + constraints (same as /agent)
  • retrieve_secret — pull by code; returns text, file, or structured JSON

Suggested agent instruction

Add a rule or system note for your agent (Cursor Rules, project instructions, etc.):

When I provide a FastPaste 6-digit code, use retrieve_secret or node cli/fastpaste.mjs pull <code> to fetch the value. Never ask me to paste secrets, tokens, or passwords into chat.

Zero-knowledge (Sensitive mode) vs agents

The web UI Sensitive mode encrypts in the browser — the server never sees plaintext. CLI and MCP can still retrieve those clips with --passphrase / the passphrase argument on retrieve_secret (same key used in the browser). For fully automated agent handoff without a passphrase, use the Agent Handoff tool, API push, or CLI instead.

Good practices

  • Use the shortest TTL that fits your workflow.
  • Prefer single-read clips unless two automations must pull within minutes.
  • Rotate any credential that was ever pasted into a chat before you adopted this pattern.
  • See API docs for webhooks and plan limits.